Skip to main content

Apple Silicon Vulnerability Allows Hackers to Extract Encryption Keys

An unpatchable vulnerability has been discovered in Apple's M-series chips that allows attackers to extract secret encryption keys from Macs under certain conditions, according to a newly published academic research paper (via ArsTechnica).


Named "GoFetch," the type of cyber attack described involves Data Memory-Dependent Prefetchers (DMPs), which try to predict what data the computer will need next and retrieve it in advance. This is meant to make processing faster, but it can unintentionally reveal information about what the computer is doing.

The paper finds that DMPs, especially the ones in Apple's processors, pose a significant threat to the security provided by constant-time programming models, which are used to write programs so that they take the same amount of time to run, no matter what data they're dealing with.

The constant-time programming model is meant to protect against side-channel attacks, or types of attacks where someone can gain sensitive information from a computer system without directly accessing it (by observing certain patterns, for example). The idea is that if all operations take the same amount of time, there's less for an attacker to observe and exploit.

However, the paper finds that DMPs, particularly in Apple silicon, can leak information even if the program is designed not to reveal any patterns in how it accesses memory. The new research finds that the DMPs can sometimes confuse memory content, which causes it to treat the data as an address to perform memory access, which goes against the constant-time model.

The authors present GoFetch as a new type of attack that can exploit this vulnerability in DMPs to extract encryption keys from secure software. The attack works against some popular encryption algorithms that are thought to be resistant to side-channel attacks, including both traditional (e.g. OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption) and post-quantum (e.g. CRYSTALS-Kyber and CRYSTALS-Dilithium) cryptographic methods.

In an email to ArsTechnica, the authors explained:
Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is different in this sense as in addition to addresses it also uses the data values in order to make predictions (predict addresses to go to and prefetch). In particular, if a data value "looks like" a pointer, it will be treated as an "address" (where in fact it's actually not!) and the data from this "address" will be brought to the cache. The arrival of this address into the cache is visible, leaking over cache side channels.

Our attack exploits this fact. We cannot leak encryption keys directly, but what we can do is manipulate intermediate data inside the encryption algorithm to look like a pointer via a chosen input attack. The DMP then sees that the data value "looks like" an address, and brings the data from this "address" into the cache, which leaks the "address." We don't care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.
In summary, the paper shows that the DMP feature in Apple silicon CPUs could be used to bypass security measures in cryptography software that were thought to protect against such leaks, potentially allowing attackers to access sensitive information, such as a 2048-bit RSA key, in some cases in less than an hour.

According to the authors, the flaw in Apple's chips cannot be patched directly. Instead, the attack vector can only be reduced by building defenses into third-party cryptographic software that could result in an extreme performance degradation when executing the cryptographic operations, particularly on the earlier M1 and M2 chips. The DMP on the M3, Apple's latest chip, has a special bit that developers can invoke to disable it, but the researchers aren't yet sure what kind of penalty will occur when this performance optimization is turned off.

As ArsTechnica notes, this isn't the first time researchers have identified threats in Apple DMPs. Research documented in 2022 discovered one such threat in both the ‌M1‌ and Apple's A14 Bionic chip for iPhones, which resulted in the "Augury" attack. However, this attack was ultimately unable to extract the sensitive data when constant-time practices were used.
"GoFetch shows that the DMP is significantly more aggressive than previously thought and thus poses a much greater security risk," the researchers claim on their website. "Specifically, we find that any value loaded from memory is a candidate for being dereferenced (literally!). This allows us to sidestep many of Augury's limitations and demonstrate end-to-end attacks on real constant-time code."
DMP-style attacks are not common, and typically require physical access to a Mac. The researchers informed Apple of the vulnerability in December 2023, and users concerned about the vulnerability are advised to check for GoFetch mitigation updates that become available in future macOS updates for any of the encryption protocols known to be vulnerable. Apple representatives declined to comment on the record when ArsTechnica asked about the paper.
This article, "Apple Silicon Vulnerability Allows Hackers to Extract Encryption Keys" first appeared on MacRumors.com

Discuss this article in our forums



Source: TechRadar

Popular posts from this blog

The hidden cost of food delivery

Noah Lichtenstein Contributor Share on Twitter Noah Lichtenstein is the founder and managing partner of Crossover , a diversified private technology fund backed by institutional investors, technology execs and professional athletes and entertainers. More posts by this contributor What Studying Students Teaches Us About Great Apps I’ll admit it: When it comes to food, I’m lazy. There are dozens of great dining options within a few blocks of my home, yet I still end up ordering food through delivery apps four or five times per week. With the growing coronavirus pandemic closing restaurants and consumers self-isolating, it is likely we will see a spike in food delivery much like the 20% jump China reported during the peak of its crisis. With the food delivery sector rocketing toward a projected $365 billion by the end of the decade, I’m clearly not the only one turning to delivery apps even before the pandemic hit. Thanks to technology (and VC funding) we can get a ri

Technics EAH-AZ60 review: Contending in stunning fashion

Technics serves notice that everyone should notice these earbuds. Technics ventured into the wireless earbuds category to go after the big dogs in the race. Think of the likes of Sony, Bose, and Sennheiser on sound quality, as well as the best you can find on design and functionality. It's a combination that comes at a price, but if done right, it gets easier to justify spending more. That's the case Technics makes with its EAH-Z60 earbuds. Its newest pair aims to take what the company has done in the past and make it even better. The results are easy to like and are significant enough to consider them as serious contenders. Technics EAH-AZ60 review: Price and availability What's good What's not good The competition Should you buy? At a glance Technics EAH-AZ60 Bottom line: Technics didn't just do one thing right with the EAH-AZ60. It covered almost the whole gamut of what makes wireless earbuds feel and sound exceptional. As a result, the p

iOS 14 Favorites Widget: How to Make a Replacement With Shortcuts

In iOS 14 , Apple overhauled widgets and introduced an option for adding ‌widgets‌ to the Home Screen , but in the process, a well-loved Favorites widget that existed in iOS 13 was removed. The Favorites widget let users set certain contacts and contact methods as favorites that were easily accessible, so you could, for example, add a favorite option for messaging Eric or calling Dan, with those actions executed with a tap. Why the Favorites widget was removed is a mystery and it could be a simple oversight with Apple planning to reintroduce it later, but for now, those who relied on the widget can recreate its functionality with Shortcuts. It takes some effort, but it may be worth the time investment if you often relied on your Favorites. Creating a Favorites Shortcut Making a shortcut that replicates the behavior of the Favorites widget isn't too tough, but if you want multiple favorite options, you'll need to create a separate shortcut for each one in the Shortcuts

Top Stories: Apple Event Preview, iPad Pro With M4 Chip Rumor, New Beats Headphones, and More

It's been a long time since the last one, but an Apple event is finally right around the corner! While it's anticipated to be a fairly short pre-recorded affair, we're expecting to see the first updates to the iPad lineup in over a year and half, so make sure to tune in to see what Apple has in store. Other news and rumors this week included a couple of product introductions from Apple's Beats brand, a roundup of rumors about updates to Apple's stock apps coming in iOS 18, and more changes to Apple's policies in the EU related to the Digital Markets Act, so read on below for all the details! What to Expect From the May 7 Apple Event Apple's first event of 2024 kicks off on Tuesday, May 7, at 7 a.m. Pacific Time, and we've put together our usual pre-event guide outlining what we're expecting to see on Tuesday. Several new products are expected to be unveiled, including two new iPad Pro models, two new iPad Air models, an updated Apple Pencil,